Hmm, I remember reading a blog someplace where the person seriously advocated building the security into the system before the system has been made to work. He noted that programmers leave out security measures because they are trying to get the code to work. Then after the function is enabled they graft the security on later. He suggested building in the security from line one of code. Of course, how to accomplish this new way of program design is never specified.

The blogger is even more inane than those people who posit that "everything should be free."

Edit: Sorry, it was some time ago when I encountered the blog. I have no clue where I could dig up the citation.

It's fairly straightforward to design security into a system, which basically comes down to controlling access to memory and the supervisor. The old mainframe security was virtually bulletproof in that regard. The real problem today is that this type of security can be cumbersome to deal with on a highly interactive interrupt-driven OS targeted for workstations as opposed to something intended for servers where the allowed running processes are usually very fixed and restricted. So the security usually gets "detuned" as the saying goes, until people stop complaining. AFAIK there's no easy way to work around that, so design compromises are unavoidable.

If anybody does find a way to get the absolute best of both worlds when it comes to operational transparency and strong security, they should be pleased to know there's a very large fortune and probably a Nobel Prize waiting for them to claim it.

It's fairly straightforward to design security into a system, which basically comes down to controlling access to memory and the supervisor. The old mainframe security was virtually bulletproof in that regard.

That's only a very small part of the whole picture, though... there's a Whole Lot Of Horrible in that world because people mess up the (complicated!) security settings and then expose the boxes to the internet. Like when Anakata of PirateBay fame hacked the central Danish police mainframe.
